It seems Windows Defender is reporting a false positive for v17.12 of NextSTART.exe on Windows 10 and automatically deleting the executable.

I already reported it to Microsoft, but now we must wait for them to look into it and update the online definitions of Windows Defender.

In the mean time, here is what you need to do to solve the issue:

1. Go to the Windows Start Menu and open the Windows Defender Security Center.

2. Click 'Virus & threat protection'.

3. Click 'See threat details'.

4. You should see an entry saying 'Trojan:Win32/Azden.A!cl'. Click on it.

5. In 'Action Options' select 'Allow on device'

6. Click 'Start Actions' button above.

7. You should get an 'Allow threats' dialog. Click the 'Allow' button.

8. Click OK in the UAC prompt.

NextSTART.exe is now removed from quarantine and you can run it normally.

-----

Just in case you're curious, here are the VirusTotal results for NextSTART.exe and the other Winstep executables. Out of over 60 different AV engines only eGambit (never heard of it) finds anything suspicious. Obviously a false positive as well:

Sincerely, sometimes I think some of these AV engines create a lot more problems than they solve. Sigh.

In the mean time, and until I hear back from Microsoft with a resolution, I removed Winstep Xtreme from the update list so it's not picked up by the Winstep Update Manager. They were quite fast responding when this happened with the beta - let's hope they're even faster this time around. Unfortunately we then have to wait even longer for the Windows Defender online definitions database to be updated.

I think you can click on details and it will THEN name the NextSTART executable. But yes, it's VERY stupid that it doesn't do that in the first place.

Well, that's modern Microsoft for you. Winstep software never had trouble with Windows Defender until now, and, from what I have just been reading online, it seems Defender is reporting a LOT of FALSE positives lately.

Since Defender runs on basically every Windows 10 machine, doesn't even give the user an option and immediately deletes the file, that's not good: it basically blocks the software from running on all Windows 10 machines.

Now I feel as if I have to ask permission from Microsoft before making a new release - if I already didn't like the direction they were taking before... lets say I'm not exactly a happy camper at the moment. Was forced to halt the Winstep Xtreme update because of this.

Ok, issue has been resolved and the Cloud definition of Windows Defender no longer detects NextSTART as malware, so I have resumed the update.

Something that puzzles me is why would NextSTART be considered a threat but WorkShelf is left alone. This because WorkShelf does everything NextSTART does and much more, while NextSTART doesn't even connect to the Internet.

I have a theory: I think Defender keeps track of all the programs running out there on Windows 10 user's machines, and somewhere out there, there is a cracked/pirated version of Winstep Xtreme where NextSTART.exe has been deliberately infected with malware. This raises a flag to the 'nextstart.exe' filename in Defender's Cloud database, which then makes it suspicious of the legit version.

Just a theory, though. Especially because flagging files as malware based on the filename alone would be pretty stupid - but one never knows.

Windows defender is not the best software. I have tested it in so many ways, and as IT security expert, I would reccomend to dissable it and use other security solution. To my personal opinion, Bitdefender and Avast is much better solutions than Windows Defender.

I totally agree Windows Defender is garbage. I have it disabled and any PC that I do malware and program fixes on, I tell the person that I disabled it.

I then install Avast as the antivirus program. I've been an Avast user for years. Now, with that being said, there is an issue with Winstep updates and Avast.

It flags any update beta or otherwise as potentially malicious, blocks the update from installing, does a scan and sends a report which later on comes back as okay. So, anytime I get an update, I disable Avast before installing it. However, that doesn't totally solve the problem. Once I reenable it after the update is installed, it will do the scan and sometimes block Winstep until later on Avast finds that it's okay.

I've asked Jorge a couple of times if he has contacted Avast to whitelist it, but he never answered back. I'm surprised I never got a reply.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot post attachments in this forum